The fight against phishing is real.
That’s why during Cyber Security Awareness Month this October the theme focuses on ruining a cyber criminals’ day by teaching Canadians how to fight back against phishing scams.
Phishing is a cyber criminal’s attempt to get sensitive information by pretending to be a legitimate sender such as a bank or a government organization. It is the third most common scam in Canada.
“Phishing is the No. 1 attack technique leveraged by bad actors,” said HUB Customer Central’s IT Security Officer Rick Chisholm. “It is employed over multiple vectors, for example, email, SMS text, WhatsApp/Signal, social media comments and DMs. The goal of the attack is often an attempt to get someone to disclose something of value: credentials, bank information or credit card numbers. Quite often, it is also an early step in a much more sophisticated campaign that could lead to identity theft or, in the case of an organization, intrusion and data loss.”
Chisholm added the popular concept a brooding, hoodie-wearing hacker sequestered in a dark basement surrounded by glowing screens being a significant threat isn’t realistic.
“What is more accurate are cybercrime organizations that are run not much different than any other business and their preferred money-making operation would be ransomware,” he said. “
Chisholm’s advice for anyone is to remain “vigilant and skeptical especially when it comes to Internet activities (email and web browsing).
“Trust your instincts,” Chisholm said. “If an email seems odd don’t hesitate to have your resident IT professional(s) investigate further. Better safe, than sorry.”
During October the Government of Canada and GetCyberSafe.ca will cover topics online including how to tell if you’ve been phished, recovering from a phishing attempt and how to report the scam. It will also share information on protecting yourself and helping older adults and children stay cyber-safe.
In general, the 7 red flags of phishing are:
If you spot ANY of these red flags, don’t click on links, reply or forward and don’t open attachments. Delete the email or text. If you’re at work, reach out to your IT department if you’re not sure.
Visit GetCyberSafe.ca regularly for more resources, tips and tools. You can also: